IT Governance Lead Apply
Our insurance client in NYC is seeking and individual to lead and support the GRC Team with its risk
management objectives and processes. 3 months with extensions. Ideally someone who can do some hybrid to NYC office, flexible on frequency.
This position will report to the Head of IT GRC and facilitating a seamless relationship with other IT teams (Control Owners), IT Cyber, Legal & Compliance,
and Audit teams. The position requires a SME with industry experience in GRC, understanding of Risk & Control standards, Control Design and Effectiveness Testing, Audit, and Cyber Security experience. This individual will be the lead for GRC PoD and SPOC for all aspects of IT GRC focused on further maturing
our IT GRC function.
Job Duties
Define/refine IT Policies and Guidelines aligned with NIST / NIST CSF framework.
Review and rationalize Control Matrix based on the Enterprise Risk Management Framework and in line with the Policies,Standards and Guidelines.
Manage scope of activities within the IT GRC POD for internal IT controls, evaluating the design and operational effectiveness, and retention of evidence.
Ensure the IT GRC POD team control activity is fit for purpose and aligns with industry best practice.
Manage the scope of work, review of the work by the POD team members, and help with any challenges for the team member or the Control owner that hampers the ability to
evidence control effectiveness in an efficient manner.
Provide the IT management team with periodic status reports and updates. Be an evangelist for discipline in control activity.
Liaise with Control Owners, Risk Officers, Auditors (Internal or External), Legal & Compliance, and Regulators to ensure support for control objectives.
Review, and evaluate and test IT controls regularly to ensure continuous effectives.
Provide recommendations and guidance to constantly evolve and improve controls and control activity via documented control process, testing process, evidencing process, and automation opportunities
Collaborate with IT Control Owners in identifying efficient ways of control implementation and testing for effectiveness, and related evidencing
Job Requirements:
10-15 years experience with IT Governance, Risk and, Compliance (GRC)
10+ experience leading a team and delivery GRC services
Experience with Design of Controls, Test for Effectiveness, and ability to create process to streamline Control implementation and testing
Well-versed in various regulations, standards, frameworks, and systems such as SOX, ISO 27001, NIST, CIS, NIST CSF, SIG, GDPR, PCI-DSS etc.
Certification in GRC and Cyber will be an added advantage and desirable
Clear understanding of IT audit methodologies and experience with Internal or External Audit in IT Risk and Controls
Experience with GRC tool like ServiceNow IRC, Archer, Logic Manager etc. will be an added advantage
Understands, reviews, provide a point of view on various SOC reports (SOC 1, SOC 2)
A degree in information technology/computer information systems or related equivalent experience
Ability to work under pressure in a fast-paced environment.
Strong attention to detail with an analy
